Question No: 41 – (Topic 1)

A security administrator would like to restrict the number of simultaneous lightweight processes (LWPs) that the webadm role may have at any given time. The security administrator has created the following policy in /etc/projects: user.webadm:10000::::task.max-lwps=(privileged,5,deny) What will be the impact if the webadm role attempted to start a sixth LWP?

The LWP creation attempt will fail and an error code will be returned to the initiating process.

The LWP will be created and webadm#39;s oldest LWP will be suspended until sufficient resources become available.

The LWP creation attempt will fail but the system will automatically retry until the LWP has been successfully created.

The LWP creation attempt will suspend until sufficient resources become available allowing the LWP to be created.

The LWP will be created but it will immediately be suspended until sufficient resources become available for it to run.

Answer: A

Question No: 42 – (Topic 1)

Which of the descriptions is a high-level overview of how Kerberos works?

In a Kerberos environment, a user authenticates once to each service.

In a Kerberos environment, a user authenticates once to a central authority.

In a Kerberos environment, a user needs to type a password for each service.

In a Kerberos environment, a user authenticates once to any service of its choosing and is then pre authenticated for all other services.

Answer: B

Question No: 43 – (Topic 1)

By default, what are two benefits of enabling Solaris Auditing in the global zone on a system where non-global zones (NGZ) have been deployed? (Choose two.)

Audit daemons are started within each of the running NGZ.

No one within an NGZ can modify the audit logs for that NGZ.

Individual NGZ audit logs are accessible from within the NGZ.

Audit configuration settings cannot be changed inside of an NGZ.

Answer: B,D

Question No: 44 – (Topic 1)

A user needs to be able to mount the file system located on a USB memory stick on a workstation. How can you allow the user to mount and unmount this file system when required?

Give the user write access to /etc/vfstab.

Give the user write access to /etc/mnttab.

Assign the user the sys_mount privilege for the file system.

Enable and configure the automount daemon (automountd).

Enable and configure the volume management daemon (vold).

Answer: E

Question No: 45 – (Topic 1)

Which item in the list would be specifically required for a VPN compared to a mode without encryption?

Authentication Header (AH)

Internet Key Exchange (IKE)

Encapsulating Security Payload (ESP)

Streams Control Transmission Protocol (SCTP)

Answer: C

Question No: 46 – (Topic 1)

A security administrator needs to configure a Solaris system to act as a firewall between your company#39;s corporate network and the Internet, using Solaris IP Filter software to control the traffic passing between these two networks. Which is an efficient way to limit the software that can be run on this system?

Use IPsec to limit execution of non-system binaries.

Use the Solaris Security Toolkit and allow it to automatically minimize the system.

Install Solaris using the Entire Distribution Metacluster, and remove any unneeded packages.

Install Solaris using the Reduced Networking Core System Metacluster and add any extra required packages.

Answer: D

Question No: 47 – (Topic 1)

The development group would like to secure their network with IPsec. The number of hosts changes frequently, and they do not want to maintain preshared keys manually. The solution is to use IPsec with IKE and public keys. Which command is used to generate the IKE public/private key pair?

ikeadm

ikecert

ipseckey

cryptoadm

ipsecconf

Answer: B

Question No: 48 – (Topic 1)

Click the Exhibit button.

Based on this output from verifying a signed patch, which statement is correct?

The patch is correctly signed.

The patch signature manifest is invalid.

The patch signature hash was NOT supplied.

The patch signature is invalid, because NOT all files are signed.

Answer: A

Question No: 49 – (Topic 1)

Before a security administrator modifies the default privilege list used for a SMF start or stop method, it is important to first determine which privileges are actually needed by that service. Which three utilities determine what privileges are used by a program or service? (Choose three.)